Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Implement and Manage Storage practice sets

AZ-104 Implement and Manage Storage • Complete Question Bank

AZ-104 Implement and Manage Storage — All Questions With Answers

Complete AZ-104 Implement and Manage Storage question bank — all 0 questions with answers and detailed explanations.

228
Questions
Free
No signup
Certifications/AZ-104/Practice Test/Implement and Manage Storage/All Questions
Question 1hardmultiple choice
Read the full Implement and Manage Storage explanation →

Your company stores departmental documents in an Azure file share. Users need to be able to recover previous versions of files that were deleted or modified accidentally. You need a solution that supports recovery at the file share level without deploying additional virtual machines. What should you configure?

Question 2mediummultiple choice
Read the full Implement and Manage Storage explanation →

A business-critical application uses an Azure storage account. The company requires that data remain available even if an entire Azure region becomes unavailable. Which redundancy option should you choose?

Question 3hardmultiple choice
Read the full Implement and Manage Storage explanation →

A partner needs temporary read-only access to a single blob in a storage account for the next 24 hours. The partner must not be able to list other blobs or write data. What should you provide?

Question 4mediummultiple choice
Read the full Implement and Manage Storage explanation →

You have a storage account named stlogs01. An application running on VM-App01 in Azure must access blobs in the account without storing account keys in code or configuration files. What should you use?

Question 5mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need to grant an external partner temporary read access to a single blob in an Azure storage account without giving access to the account key. What should you create?

Question 6mediummultiple choice
Read the full Implement and Manage Storage explanation →

You have a storage account that stores infrequently accessed data that must remain available immediately when requested. You need to minimize storage costs. Which access tier should you use?

Question 7hardmultiple choice
Read the full Implement and Manage Storage explanation →

A company uses Azure Blob Storage for legal documents. The documents must not be modified or deleted for seven years after upload, even by administrators. What should you configure?

Question 8mediummultiple choice
Read the full Implement and Manage Storage explanation →

A storage account hosts blobs used by a public website. You need to reduce the risk of accidental deletion by developers while allowing updates to existing blobs. What should you configure?

Question 9hardmultiple choice
Read the full Implement and Manage Storage explanation →

You need to allow a partner application to upload files to a blob container for the next 24 hours. The partner must not receive the storage account key. What should you provide?

Question 10hardmultiple choice
Read the full Implement and Manage Storage explanation →

Users in Branch01 access an Azure file share over SMB. Performance is poor because frequently used files are downloaded repeatedly across the WAN. You need to keep a local cache on a Windows Server in Branch01 while keeping Azure Files as the central file share. What should you deploy?

Question 11mediummultiple choice
Read the full Implement and Manage Storage explanation →

You plan to store backup files that are written once per week and are rarely accessed except during an audit. The company wants the lowest storage cost but still needs online access within hours, not days. Which blob access tier should you choose?

Question 12mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need to create a storage account that provides the lowest-cost redundant storage for non-critical data and only needs protection against local disk or server failure within a single datacenter. Which redundancy option should you choose?

Question 13hardmultiple choice
Read the full Implement and Manage Storage explanation →

Your company stores monthly reports in Azure Blob Storage. The reports are rarely accessed, but when needed they must be read within seconds rather than hours. You need to minimize storage cost while preserving near-immediate availability. Which access tier should you use?

Question 14mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need to synchronize an on-premises Windows file server with an Azure file share so that branch offices can continue using the local server while keeping cloud-based copies of the files. Which service should you configure?

Question 15hardmultiple choice
Read the full Implement and Manage Storage explanation →

Your application stores compliance documents in Azure Blob Storage. The documents must be kept in a write-once-read-many state for five years and must not be altered or removed during that time. What should you configure?

Question 16mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need a storage redundancy option that keeps data available if an entire availability zone in the primary region fails, but you do not need cross-region replication. Which redundancy option should you choose?

Question 17mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need to move infrequently accessed blob data automatically from the Hot tier to the Cool tier after 30 days to reduce cost. What should you configure?

Question 18hardmultiple choice
Read the full Implement and Manage Storage explanation →

Your application stores compliance records in Azure Blob Storage. The records must remain in a write-once-read-many state for three years and must not be altered or deleted during that period. What should you configure?

Question 19hardmultiple choice
Read the full Implement and Manage Storage explanation →

You need to allow recovery of previous versions of files stored in an Azure file share after accidental modification or deletion. Which feature should you configure?

Question 20hardmultiple choice
Read the full Implement and Manage Storage explanation →

You store long-term financial statements in Azure Blob Storage. The files are almost never accessed, but when they are needed they must be readable immediately without waiting for rehydration. You need to minimize cost. Which access tier should you use?

Question 21mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need to choose a storage redundancy option that provides the lowest cost and protects data against local hardware failure within a single datacenter only. Which redundancy option should you select?

Question 22mediummultiple choice
Read the full Implement and Manage Storage explanation →

You need to give a third-party auditor temporary read-only access to specific blobs in a container without sharing the storage account keys. Which feature should you use?

Question 23hardmultiple choice
Read the full Implement and Manage Storage explanation →

Your application stores regulatory records in Azure Blob Storage. The records must remain in a write-once-read-many state for four years and must not be altered or deleted during that time. What should you configure?

Question 24easymultiple choice
Read the full Implement and Manage Storage explanation →

A user deleted one Excel file from a file share backed up with Azure Backup. You want to restore only that file, not the entire share. What should you use?

Question 25mediummultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, which method should the administrator use to grant the partner time-limited access to one container?

Network Topology
az storage container generate-sasaccount-name corpfiles01name partnerdroppermissions rwdlexpiry 2026-05-01T18:00Zhttps-onlyCommand run by administrator:Message returned:Business requirement:
Question 26easymultiple choice
Read the full Implement and Manage Storage explanation →

Before changing a managed data disk attached to a VM, you want a point-in-time copy that can be restored later if the change fails. What should you create?

Question 27mediummultiple choice
Read the full Implement and Manage Storage explanation →

An application writes transaction logs to a storage account in a region that supports availability zones. The business wants the account to stay available if one datacenter or zone fails, but it does not need a secondary region replica. Which redundancy option should you choose?

Question 28easymatching
Read the full Implement and Manage Storage explanation →

Match each blob tier or protection feature to the correct description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Best for data accessed frequently and kept immediately available.

Best for infrequently accessed data that still remains online.

Stores data offline and requires rehydration before it can be read.

Moves archived data back to an online tier so it can be accessed again.

Helps prevent modification or deletion for a retention period.

Question 29mediummultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, what should the administrator do to prevent anyone from changing the retention settings after validation?

Exhibit

Container properties:
Container name: auditlogs
Immutable storage: enabled
Immutability policy mode: Unlocked
Retention period: 30 days
Allow protected append writes: Yes
Compliance note: the retention period has been tested and approved, and the organization wants the setting to be fixed so it cannot be shortened later.
Question 30mediummultiple choice
Read the full Implement and Manage Storage explanation →

A web app running in Azure App Service must read blobs from a storage account. The app must authenticate without storing secrets or SAS tokens, and administrators should grant only blob data permissions, not storage management permissions. What should you configure?

Question 31mediummultiple choice
Read the full Implement and Manage Storage explanation →

A line-of-business application stores transaction logs in an Azure Storage account. The app must keep working if one availability zone in the primary region fails, and administrators want read access to the secondary copy if the primary region becomes unavailable. Which redundancy option should you choose?

Question 32mediummultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, what is the best access change to let John download blobs from only the invoices container?

Exhibit

Azure portal role assignments for storage account appdata01:
- John Doe: Contributor at storage account scope
- Data access test from portal: You do not have permissions to list containers.
- Requirement: John must read and download blobs from container invoices and nothing else.
Question 33mediummultiple choice
Read the full Implement and Manage Storage explanation →

A contractor needs temporary access to upload and download files in only one blob container for 8 hours. You do not want to share the storage account key, and you want to revoke access later without affecting other containers. What should you create?

Question 34mediummultiple choice
Read the full Implement and Manage Storage explanation →

A reporting system requires a storage account that is zone resilient in the primary region and also keeps a geo-replicated secondary copy that can be read during an outage. Which redundancy option should you select?

Question 35mediummultiple choice
Read the full Implement and Manage Storage explanation →

A lifecycle rule moves blobs to the archive tier after 90 days. A file was archived 2 weeks ago, and a reporting job now needs to read it tomorrow morning. What should you expect?

Question 36mediummultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, what should you do so the report can open the file tomorrow morning?

Exhibit

Blob properties:
Name: monthly-finance.csv
Access tier: Archive
Archive status: none
Last modified: 2026-04-10
Application log:
12:05 UTC - Job started
12:06 UTC - Download failed: Blob is currently archived and must be rehydrated before it can be read.
Business requirement: analysts must open the file in Excel tomorrow morning.
Question 37mediummultiple choice
Read the full Implement and Manage Storage explanation →

A company has 15 branch Windows file servers that must show the same shared drive content. Users should keep working during short WAN outages, and local servers should cache frequently used files. Which Azure feature should you deploy?

Question 38hardmulti select
Read the full Implement and Manage Storage explanation →

An Azure Function App and an Azure Automation runbook both need to upload, read, and delete blobs in one container. You must avoid stored secrets and keep the permissions as limited as possible. Which two configuration choices should you make? Select two.

Question 39hardmulti select
Read the full VPN explanation →

A hub-and-spoke environment already has an Azure VPN gateway deployed in the hub VNet. A spoke VNet must send on-premises traffic through that existing gateway, and administrators must be able to manage the peering from either side without creating a separate gateway in the spoke. Which two peering settings are required? Select two.

Question 40easymatching
Read the full Implement and Manage Storage explanation →

Match each blob access method or setting to its best use case.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Provides full access to the storage account and should be protected carefully.

Grants time-limited access to specific resources and permissions.

Authorizes users or applications through Microsoft Entra ID at a chosen scope.

Allows anonymous read access when enabled for the container.

Lets an Azure-hosted app authenticate without storing credentials or secrets.

Question 41mediummultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, which Azure feature best meets the file-sharing requirement?

Exhibit

Topology notes:
- Eight branch offices each run Windows Server 2022 with a local SMB share.
- Each branch must keep accessing the same files if the WAN link is down for several hours.
- Head office wants a single Azure file share to act as the central copy.
- Frequently used files should remain cached on the branch servers.
Question 42mediummultiple choice
Read the full Implement and Manage Storage explanation →

An employee accidentally deletes a critical document from an Azure file share. You need to restore only that file to its earlier state without restoring the entire share or using a vault-based backup job. Which feature should you use?

Question 43mediummultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, which redundancy setting should you choose before deploying the storage account?

Exhibit

Storage account: prodarchive01
Kind: StorageV2
Current redundancy: GRS
Primary region: East US 2
Secondary region: Central US
Requirement notes:
- The application must remain available if one availability zone in East US 2 fails.
- If the primary region becomes unavailable, analysts must still be able to read from the secondary copy without waiting for a manual failover.
- The workload reads blobs directly during recovery.
Question 44easymatching
Read the full Implement and Manage Storage explanation →

Match each Azure Storage redundancy option to the best description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Stores three copies of data within one Azure datacenter.

Stores copies across multiple availability zones in one region.

Replicates data to a secondary region, but the secondary copy is not readable.

Replicates data to a secondary region and allows read access to that secondary copy.

Combines zone redundancy in the primary region with geo-replication to a secondary region.

Combines zone redundancy and geo-replication, with readable access to the secondary region.

Question 45easymultiple choice
Read the full Implement and Manage Storage explanation →

Before changing a managed data disk on a production VM, you want a point-in-time copy that you can keep and restore later if needed. What should you create?

Question 46mediummulti select
Read the full Implement and Manage Storage explanation →

A backup archive must survive a regional outage, and engineers need to read the secondary copy if the primary region is unavailable. Which two redundancy options meet both requirements? Select two.

Question 47mediummulti select
Read the full Implement and Manage Storage explanation →

A team moved blob data to the Archive tier to minimize cost. They now need to restore a few files for an audit. Which two statements are true about accessing archived blobs? Select two.

Question 48mediummulti select
Read the full Implement and Manage Storage explanation →

A data-processing app reads blobs immediately after upload, and operations do not want any rehydration delay. Which three access tiers can be read directly? Select three.

Question 49mediummulti select
Read the full Implement and Manage Storage explanation →

A workload must keep storage available if one availability zone in the primary region fails. Geo-failover is optional, but the account must still meet the zone-failure requirement. Which two redundancy options satisfy this? Select two.

Question 50easymultiple choice
Read the full Implement and Manage Storage explanation →

A web app in Azure needs to upload files to a blob container. The development team wants the app to authenticate without storing a storage account key or password in code. Which approach should the administrator configure?

Question 51easymultiple choice
Read the full Implement and Manage Storage explanation →

A company wants its file share data to be automatically copied to a paired Azure region, and administrators want to read the secondary copy during a disaster test. Which redundancy option should they use?

Question 52easymultiple choice
Read the full Implement and Manage Storage explanation →

A help desk engineer must be able to start, stop, and resize only VM-App01. The engineer must not gain access to any other virtual machines or resource groups in the subscription. What scope should you use for the Azure RBAC role assignment?

Question 53easymultiple choice
Read the full Implement and Manage Storage explanation →

An engineering team stores build artifacts that are downloaded every day by developers for a week after release, then rarely after that. Which tier should the administrator choose for the period when the artifacts are still actively used?

Question 54hardmulti select
Read the full Implement and Manage Storage explanation →

A legal team stores scanned contracts in Blob Archive. Auditors will need to open several files next week for about five days and then the documents should return to the lowest practical storage cost. Which two actions should the administrator plan? Select two.

Question 55easymultiple choice
Read the full Implement and Manage Storage explanation →

A finance department wants several Windows virtual machines to map the same shared drive letter and work with the same files at the same time. Which Azure Storage service should you configure?

Question 56easymultiple choice
Read the full Implement and Manage Storage explanation →

A team wants an Azure Storage account to be reachable only from a single Azure virtual network and to use a private IP address inside that network. Which option should the administrator configure?

Question 57easymultiple choice
Read the full Implement and Manage Storage explanation →

A legal department stores scanned contracts that are kept for compliance and are almost never opened. They want the lowest storage cost, and it is acceptable if files take time to become available before download. Which blob tier should you choose?

Question 58easymultiple choice
Read the full Implement and Manage Storage explanation →

A team stores application logs in an Azure Storage account. The logs must remain available if an entire Azure availability zone in the primary region has an outage, but the team does not require a secondary region copy. Which redundancy option should you choose?

Question 59easymultiple choice
Read the full Implement and Manage Storage explanation →

A contractor needs temporary read-only access to a single blob container for three hours. The contractor does not have an Azure user account in your tenant. Which method is the best fit?

Question 60hardmulti select
Read the full Implement and Manage Storage explanation →

A finance archive stores critical blobs in an Azure region that supports availability zones. The data must survive a single zone failure and also remain available if the primary region becomes unavailable. The team does not need a read-only endpoint in the secondary region during normal operations. Which two redundancy models satisfy the requirement? Select two.

Question 61easymultiple choice
Review the full subnetting walkthrough →

A storage account should accept requests only from a specific virtual network subnet in Azure. The team does not want traffic to reach the public endpoint from the internet. What should the administrator configure?

Question 62mediummultiple choice
Read the full Implement and Manage Storage explanation →

A contractor needs to upload data into one specific blob container for six hours. The administrator must avoid sharing the storage account key and should grant only the minimum permissions needed. Which access method should be used?

Question 63hardmulti select
Read the full Implement and Manage Storage explanation →

A contractor needs to upload files into one blob container for six hours. The administrator must avoid sharing the storage account key and wants the access to expire automatically. Which two actions should the administrator take? Select two.

Question 64easymultiple choice
Read the full Implement and Manage Storage explanation →

An employee accidentally deletes several folders from an Azure file share. The administrator must recover only those folders from yesterday, not roll back the whole share. What should the administrator use?

Question 65hardmulti select
Read the full Implement and Manage Storage explanation →

A web app already reads blobs by using a managed identity. Security now requires blocking any future requests that use shared key authorization, while the app must continue to work without storing secrets. Which two changes should the administrator make? Select two.

Question 66mediummultiple choice
Read the full Implement and Manage Storage explanation →

A DevOps pipeline runs on an on-premises build server and must deploy ARM templates to a resource group in Azure without using a user password. The server is not in Azure, so managed identity is not available. What should the administrator create?

Question 67hardmultiple choice
Read the full Implement and Manage Storage explanation →

A finance operations team manages virtual machines in RG-App. They must start, stop, deallocate, and view VM properties for any VM in that resource group. They must not be able to delete VMs, read NIC settings, or manage disks. What should the administrator do?

Question 68mediummultiple choice
Read the full NAT/PAT explanation →

A finance department shares a resource group containing a critical VM and a storage account. Administrators must still be able to update settings and apply patches, but no one should accidentally delete the resources. Which lock should be applied at the resource group level?

Question 69mediummultiple choice
Read the full Implement and Manage Storage explanation →

A finance team stores application blobs in an Azure Storage account. The data must remain available if a single availability zone in the region is lost, and the team does not need automatic read access from another region. Which redundancy option best meets the requirement?

Question 70mediummultiple choice
Read the full VPN explanation →

A hub VNet already has a VPN gateway connected to on-premises networks. A new spoke VNet must reach those on-premises networks through the existing gateway without deploying another gateway. Which peering settings are required?

Question 71mediummultiple choice
Read the full Implement and Manage Storage explanation →

A Windows file server VM in Azure must mount an Azure file share by using existing Active Directory Domain Services credentials instead of a storage account key. The organization already has domain-joined Windows servers in the environment. What should the administrator configure on the storage account?

Question 72hardmultiple choice
Read the full Implement and Manage Storage explanation →

An archive team stores legal exhibits in Azure Blob Storage. The files are downloaded only during quarterly audits, but when an auditor needs one, it must be readable immediately without waiting for a rehydration job. The team wants the lowest practical cost after the first 30 days and does not want to move blobs manually each quarter. What should the administrator configure?

Question 73easymultiple choice
Read the full Implement and Manage Storage explanation →

A company stores customer documents in Azure Blob Storage. The business requires the data to stay available if one availability zone in the region has an outage. Which redundancy option should the administrator choose?

Question 74easymultiple choice
Review the full subnetting walkthrough →

A storage account must be reachable only from resources in one Azure subnet, and public network access should not be used. Which configuration best meets this requirement?

Question 75hardmultiple choice
Read the full Implement and Manage Storage explanation →

A media company stores project video assets in Azure Blob Storage. The business requires the data to survive a single availability zone outage in the primary region. In addition, if the primary region becomes unavailable, operations staff must still be able to read the most recently replicated copy from the secondary region right away, even if writes are temporarily unavailable. Which redundancy option best meets this requirement?

Question 76hardmultiple choice
Read the full Implement and Manage Storage explanation →

A finance department stores spreadsheets in an Azure file share. Yesterday a user deleted a subfolder tree, but other folders were modified after that point and must not be rolled back. The administrator wants to restore only the deleted subfolder tree to its state from yesterday. What should the administrator use?

Question 77mediummultiple choice
Read the full Implement and Manage Storage explanation →

An application uploads documents by using one of the storage account access keys. The team wants to rotate keys without interrupting uploads. Which process should the administrator follow?

Question 78easymultiple choice
Read the full Implement and Manage Storage explanation →

A monthly report file must automatically move to a cheaper online tier after 90 days in Azure Blob Storage. Which feature should the administrator configure?

Question 79mediummultiple choice
Read the full Implement and Manage Storage explanation →

A Windows file server VM must mount an Azure file share by using domain credentials instead of a storage account key. The organization already manages users in Active Directory Domain Services. Which authentication option should be configured for Azure Files?

Question 80mediummultiple choice
Read the full Implement and Manage Storage explanation →

A contractor must import data into one blob container for six hours. The contractor should not receive the storage account key, and access must be limited to that container only. Which credential should the administrator generate?

Question 81mediummultiple choice
Read the full Implement and Manage Storage explanation →

A user accidentally deleted a nested folder tree from an Azure file share yesterday. Other folders were modified after the deletion and must not be rolled back. The administrator wants to restore only the deleted folder tree. What is the best recovery method?

Question 82mediummultiple choice
Read the full Implement and Manage Storage explanation →

A legal department archived a 120-GB blob three weeks ago. They now need the file available for review later today, and waiting more than a day would delay a court filing. What should the administrator do to make the blob readable as quickly as possible?

Question 83hardmulti select
Read the full Implement and Manage Storage explanation →

A web app uses a managed identity to read blobs from a storage account. Security now wants to ensure no future requests can authenticate with shared keys and the app should continue to use secretless access. Which two changes should the administrator make? Select two.

Question 84easymultiple choice
Read the full Implement and Manage Storage explanation →

An archive of legal documents is accessed only a few times each month, but when someone needs a document it must open immediately without a rehydration wait. Which access tier should be used?

Question 85mediummultiple choice
Read the full Implement and Manage Storage explanation →

A blob was moved to the Archive tier last month. A project team now needs the file available later today, and they expect to read it several times during review. What should the administrator do first?

Question 86hardmulti select
Read the full Implement and Manage Storage explanation →

A compliance team wants newly uploaded monthly reports to remain in the Hot tier for 90 days and then move automatically to a cheaper online tier without becoming offline. Which two configurations should the administrator use? Select two.

Question 87hardmulti select
Read the full Implement and Manage Storage explanation →

A 180-GB blob is in the Archive tier. A legal team needs the file available later today and expects to open it several times during review. Which two actions should the administrator take? Select two.

Question 88hardmulti select
Review the full subnetting walkthrough →

A company has an Azure Storage account that stores application files in Blob Storage. VMs in AppSubnet must access the blobs by using the standard storage account name, but traffic must stay private and the public endpoint must not be used. Which two actions should the administrator take? Select two.

Question 89mediummultiple choice
Read the full Implement and Manage Storage explanation →

A finance team stores monthly invoice PDFs in Azure and wants the data to remain available if an entire availability zone in the region fails. They do not need read access to a secondary region, and they want to keep the storage service simple. Which redundancy option should they choose for the storage account?

Question 90hardmultiple choice
Read the full Implement and Manage Storage explanation →

A 180-GB blob was moved to the Archive tier last week. A legal team now needs the file available later today for repeated review, and they are willing to pay more to shorten the wait. Which action should the administrator take first?

Question 91hardmulti select
Read the full Implement and Manage Storage explanation →

A legal team archived a 200-GB blob last quarter. They now need to open it repeatedly later today for review, and waiting more than a day would delay the case. Which two actions should the administrator take? Select two.

Question 92mediummultiple choice
Review the full subnetting walkthrough →

A storage account must be reachable only from Azure VMs in a single subnet. Public network access should not be used, and the team wants the storage service to keep using a private IP address inside the virtual network. Which feature should the administrator configure?

Question 93easymultiple choice
Read the full Implement and Manage Storage explanation →

A legal team stores archived case files in Azure Blob Storage. The files are rarely read, but they must remain online and available immediately when needed. Which access tier should the administrator use?

Question 94mediummultiple choice
Read the full Implement and Manage Storage explanation →

A developer can access an Azure Blob container from the portal using Microsoft Entra sign-in, but their custom app gets a 403 error when reading the same blob. The storage account is configured to use Azure AD authorization. What is the most likely fix?

Question 95mediummultiple choice
Read the full Implement and Manage Storage explanation →

A batch job fails with a blob read error after the administrator moved a 200-GB blob to the archive tier. The file must be available again within a few hours, and the administrator wants the least disruptive recovery. What should be done?

Question 96hardmultiple choice
Read the full VPN explanation →

An on-premises ERP server connected to Azure through a site-to-site VPN must read and write blobs in a storage account by using the storage account's private IP address. Public network access must be blocked. Which storage configuration should the administrator implement?

Question 97mediummultiple choice
Review the full subnetting walkthrough →

A team has Windows VMs in a subnet that need to access an Azure Storage account. The storage account should remain reachable through its public endpoint, but only traffic from that one subnet should be allowed. Which configuration best meets the requirement?

Question 98mediummultiple choice
Read the full Implement and Manage Storage explanation →

A user accidentally deleted a folder tree from an Azure file share. The administrator needs to restore only the deleted folders to the state they had yesterday, not roll back the whole share. Which feature should be used?

Question 99mediummultiple choice
Read the full Implement and Manage Storage explanation →

A records archive stores thousands of blobs that are usually read-only. The administrator wants blobs older than 90 days to move automatically to a lower-cost online tier without manual intervention. Which solution should be configured?

Question 100mediummultiple choice
Read the full Implement and Manage Storage explanation →

A finance application stores monthly invoice PDFs in Azure Blob Storage. The business wants the data to remain available if one availability zone in the region becomes unavailable, but it does not require a secondary region for read access. Which redundancy option should the administrator choose?

Question 101easymultiple choice
Read the full Implement and Manage Storage explanation →

A finance team stores monthly reports in Azure Blob Storage. The data must remain available if one datacenter in the Azure region fails, but the company does not need read access from a secondary region. Which redundancy option should the administrator choose?

Question 102hardmulti select
Review the full subnetting walkthrough →

A finance application stores monthly invoice PDFs in Azure Blob Storage. The data must survive a single availability zone outage in the region, and the storage account must be reachable only through a private IP from AppSubnet. Public network access must not be available. Which three actions should the administrator take? Select three.

Question 103mediummultiple choice
Read the full Implement and Manage Storage explanation →

A Windows file server VM in Azure needs to mount an Azure file share by using existing Active Directory Domain Services credentials. The security team does not want to use storage account keys. Which authentication option should be configured for Azure Files?

Question 104mediummultiple choice
Read the full Implement and Manage Storage explanation →

An application team plans to store block blobs for application logs, lifecycle them to cooler tiers over time, and use Azure Monitor diagnostic exports from several Azure resources into the same storage account. They also want access tier controls and general-purpose features in one place. Which storage account type should the administrator create?

Question 105hardmultiple choice
Read the full Implement and Manage Storage explanation →

A legacy application still authenticates to Azure Blob Storage by using the account key. Security now requires preventing any new requests that use shared key authorization, while leaving the storage account itself and Microsoft Entra-based access unchanged. Which setting should the administrator enable?

Question 106hardmultiple choice
Read the full Implement and Manage Storage explanation →

A contractor needs to upload files into one blob container for six hours. The administrator must avoid sharing the storage account key, and the access token should keep working even if the storage account keys are rotated later. Which access mechanism should be issued?

Question 107mediummultiple choice
Read the full VPN explanation →

An on-premises application connects to Azure through an existing site-to-site VPN. The application must access an Azure Blob Storage account over a private IP, and the storage account must not accept public network traffic. Which configuration should the administrator deploy?

Question 108hardmulti select
Read the full Implement and Manage Storage explanation →

A user deleted a nested folder tree from an Azure file share yesterday. Other folders in the share were updated after the deletion and must not be rolled back. Which two actions should the administrator take? Select two.

Question 109easymultiple choice
Read the full Implement and Manage Storage explanation →

Based on the exhibit, what should the administrator configure to meet the storage access requirement?

Exhibit

Requirement summary:
- Azure VMs in AppSubnet must access StorageAccount1
- Only AppSubnet should be allowed
- The storage account should remain reachable through its public endpoint
- No private IP is required
Question 110mediummultiple choice
Read the full Implement and Manage Storage explanation →

A web app currently accesses Azure Blob Storage by using the storage account key in a connection string. Security now requires blocking any new requests that use shared key authorization, while Microsoft Entra-based access must continue to work. Which storage account setting should the administrator change?

Question 111easymultiple choice
Read the full Implement and Manage Storage explanation →

A contractor needs temporary access to upload files into one Azure Blob container for six hours. The administrator does not want to share the storage account key. What should the administrator create?

Question 112easymultiple choice
Read the full Implement and Manage Storage explanation →

A healthcare application stores files that must be protected against a single datacenter outage in the region. The team does not need a secondary region for read access, and they want the simplest resilient option. Which storage redundancy should they choose?

Question 113easymultiple choice
Read the full Implement and Manage Storage explanation →

A blob was moved to the Archive tier last month. A user now needs to open the file within a few hours. What should the administrator do first?

Question 114mediummultiple choice
Read the full Implement and Manage Storage explanation →

A legal department stores project video assets in Azure Blob Storage. The files are reviewed only during quarterly audits, but when someone needs a file it must open immediately without waiting for rehydration. Which access tier should the administrator use for the blobs?

Question 115hardmulti select
Read the full Implement and Manage Storage explanation →

A Windows file server VM in Azure must mount an Azure file share by using existing Active Directory Domain Services credentials, not the storage account key. Yesterday, a user deleted a folder tree from the share, and only that folder tree should be restored. Which two actions should the administrator take? Select two.

Question 116easymultiple choice
Read the full Implement and Manage Storage explanation →

A reporting application stores files in Azure Blob Storage. The business wants the secondary region to be readable if the primary region becomes unavailable. Which redundancy option should you use?

Question 117mediummultiple choice
Read the full Implement and Manage Storage explanation →

A partner company needs write access to a single blob container for 24 hours. The partner does not have an Azure subscription in your tenant, and the team does not want to share the storage account key. Which access method is the best choice?

Question 118mediummultiple choice
Read the full Implement and Manage Storage explanation →

A compliance team keeps signed contract scans in blob storage. The files are usually not accessed, but when they are needed they must be available immediately without waiting for rehydration. The team wants the lowest-cost online tier that still allows immediate reads. Which access tier should you choose?

Question 119hardmultiple choice
Read the full DNS explanation →

A storage account must be accessible only from one Azure subnet. The security team does not want a private endpoint or private DNS zone, and they are fine with the storage account continuing to use its public FQDN. Which configuration should you use?

Question 120easymulti select
Read the full Implement and Manage Storage explanation →

A development team wants redundancy within the primary region but does not need replication to a secondary region. Which two Azure storage redundancy options meet this requirement? Select two.

Question 121mediummultiple choice
Read the full Implement and Manage Storage explanation →

A partner organization needs write access to a single blob container for 24 hours. You want to avoid sharing the storage account key and minimize access scope. Which access mechanism should you provide?

Question 122mediummultiple choice
Read the full Implement and Manage Storage explanation →

A web app running in Azure App Service must upload files to a blob container. The team wants to avoid storing any secrets in application settings and wants the app to authenticate without a password or access key. What should the administrator configure?

Question 123mediummultiple choice
Read the full Implement and Manage Storage explanation →

An administrator moved old log blobs to the Archive tier last month. An auditor now needs one blob for review later today. What must happen before the blob can be opened?

Question 124hardmultiple choice
Read the full Implement and Manage Storage explanation →

An analytics platform stores daily export files in Azure Blob Storage. The business wants the storage account to survive a failure of any one availability zone and also keep a replicated copy in a paired region for disaster recovery. No one needs to read from the secondary region unless a disaster recovery event occurs. Which redundancy option should be used?

Question 125easymultiple choice
Read the full Implement and Manage Storage explanation →

An administrator moved a blob to the Archive tier last month. A user needs to open it tomorrow. What must happen before the file can be read?

Question 126mediummultiple choice
Read the full Implement and Manage Storage explanation →

An analytics team stores exported reports in a storage account. They want the data to survive a zone failure and a regional outage, and if the primary region becomes unavailable they also want read-only access to the replica while failover is being planned. Which redundancy option should you select?

Question 127easymultiple choice
Read the full Implement and Manage Storage explanation →

A partner must upload files to one blob container for 12 hours. You do not want to share the storage account key, and the access should expire automatically. Which access method should you use?

Question 128mediummultiple choice
Read the full Implement and Manage Storage explanation →

A storage account must be accessible only from one virtual network, and the storage service must have a private IP address inside that network. Public network access should be disabled. Which solution should the administrator use?

Question 129mediummultiple choice
Read the full Implement and Manage Storage explanation →

A partner company needs to upload files to a single blob container for the next 24 hours. The partner should not receive the storage account key, and the access should be limited to that container only. Which access mechanism should you provide?

Question 130easymultiple choice
Read the full Implement and Manage Storage explanation →

An Azure Files share must stay available if one availability zone in its primary region fails. The business does not need replication to another region. Which redundancy option should you choose for the storage account?

Question 131mediummultiple choice
Read the full Implement and Manage Storage explanation →

A reporting team stores read-only analytics files in Azure Blob Storage. The files must replicate to a paired region so they survive a regional outage, and analysts want to read the secondary copy through the secondary endpoint without waiting for failover. Which redundancy option should the administrator choose?

Question 132easymultiple choice
Read the full Implement and Manage Storage explanation →

A company hosts documents in Azure Blob Storage. The files must remain available if one availability zone in the region fails. Which redundancy option should the administrator choose?

Question 133mediummultiple choice
Review the full subnetting walkthrough →

A development subnet must access an Azure Storage account privately, but the security team does not want to create a private IP in the VNet. They only want the subnet identity to be extended to the storage service. Which feature should the administrator configure?

Question 134hardmultiple choice
Read the full Implement and Manage Storage explanation →

A media archive stores large video files that must survive a zone failure in the primary region and also be replicated to a paired region for disaster recovery. The archive team does not want anyone to read from the secondary region during normal operations, and cost should be lower than the read-access variant. Which redundancy option should you configure?

Question 135mediummultiple choice
Read the full Implement and Manage Storage explanation →

A web API running in an Azure App Service needs to read and write blobs in a storage account. The operations team does not want to store secrets in app settings or rotate credentials manually. What should they enable on the App Service?

Question 136mediummultiple choice
Read the full Implement and Manage Storage explanation →

A finance team stores PDF statements in Azure Blob Storage. The workload must survive a zone failure in the primary region, and if the entire region becomes unavailable, auditors still need read-only access to the copies in the secondary region. Which redundancy option should you choose?

Question 137mediummultiple choice
Read the full Implement and Manage Storage explanation →

A web app running in Azure App Service must upload images to a blob container without storing any account keys, passwords, or connection strings in configuration. The app uses only one Azure resource. What should the administrator configure?

Question 138hardmultiple choice
Read the full DNS explanation →

An administrator wants a storage account to be accessible only from one subnet. The storage account should still use its public FQDN, the team does not want a private IP address in the VNet, and they do not want to manage private DNS zones. Which solution should be used?

Question 139hardmultiple choice
Read the full Implement and Manage Storage explanation →

A compliance team stores signed contract scans in Azure Blob Storage. The data must remain available if one zone in the primary region fails. If the entire primary region is unavailable, the team also needs to read the secondary copy while recovery work is underway. Which redundancy option should you choose for the storage account?

Question 140hardmultiple choice
Read the full NAT/PAT explanation →

A records team stores monthly regulatory exports in a blob container. The files are rarely opened, but auditors may request one specific file later the same day. The team wants the lowest storage cost possible while keeping a path to restore a single file on demand. Which approach should you use?

Question 141easymulti select
Read the full Implement and Manage Storage explanation →

A partner must upload files to one blob container for 12 hours. You do not want to share the storage account key. Which two temporary access methods can be used? Select two.

Question 142easymultiple choice
Read the full Implement and Manage Storage explanation →

A VM-based application needs to read from Azure Storage without storing a password, access key, or other secret in code or configuration. The identity should also be removed automatically if the VM is deleted. What should you enable?

Question 143mediummultiple choice
Read the full Implement and Manage Storage explanation →

An administrator archives monthly log exports in a blob container to reduce storage cost. During an audit, one archived blob must be downloaded and opened later the same day. What must the administrator do before the blob can be read?

Question 144mediummultiple choice
Read the full Implement and Manage Storage explanation →

A workload uses Azure Blob Storage for customer uploads. The team wants protection against a datacenter failure within the primary region and wants data copied to a paired region for disaster recovery, but they do not need to read from the secondary region during normal operations. Which redundancy option fits best?

Question 145mediummultiple choice
Read the full Implement and Manage Storage explanation →

An administrator archived monthly log exports in a blob container six weeks ago. An auditor now needs to open one of those files later today, and the file must be readable from Azure Storage rather than restored from a separate backup copy. What should the administrator do?

Question 146easymultiple choice
Review the full subnetting walkthrough →

A storage account must accept traffic only from a single subnet. The team wants to keep using the storage account's public endpoint and does not want to deploy a private endpoint. What should you configure?

Question 147mediummultiple choice
Read the full DNS explanation →

A team has an existing storage account with the public endpoint enabled. They want to allow access only from a specific subnet in a virtual network, but they do not want to create a private endpoint or manage private DNS zones. Which configuration should the administrator use?

Question 148hardmultiple choice
Read the full Implement and Manage Storage explanation →

A deployment pipeline uploads content to a blob container in Azure Storage. The pipeline authenticates with Microsoft Entra ID and must grant a partner temporary write access for 12 hours without sharing the storage account key. The access should be limited to the container only. Which access method should the administrator use?

Question 149hardmultiple choice
Read the full DNS explanation →

A web app in a subnet must access a storage account through the storage account's public FQDN. Access must be limited to that single subnet, and the team does not want to deploy a private endpoint or manage private DNS records. Which configuration should you use?

Question 150easymulti select
Read the full Implement and Manage Storage explanation →

A finance team stores documents in Azure Storage. The account must survive a failure of one availability zone in the primary region and also remain available if the primary region becomes unavailable. Which two replication options meet this requirement? Select two.

Question 151mediummultiple choice
Read the full Implement and Manage Storage explanation →

A company stores contract PDFs in Azure Blob Storage. The application must keep working if one datacenter in the primary region has an outage, and auditors also want read-only access to the replicated data from the secondary region during a regional outage. Which redundancy option should the administrator choose?

Question 152easymulti select
Read the full Implement and Manage Storage explanation →

An archived blob must be read tomorrow morning. Which two actions are required before the blob can be opened? Select two.

Question 153easymulti select
Read the full Implement and Manage Storage explanation →

A records team stores blobs that are read often during the first month and then rarely accessed later, but the files must stay online the whole time. Which two access tiers should they use for the active and inactive data sets? Select two.

Question 154mediummultiple choice
Read the full Implement and Manage Storage explanation →

A media archive contains video files that are accessed only a few times per year, but they must remain online and readable immediately whenever an investigator requests them. Which blob access tier should the administrator choose to minimize storage cost?

Question 155hardmultiple choice
Read the full Implement and Manage Storage explanation →

A legal department keeps signed contract scans in a blob container. The files are almost never opened, but when a reviewer requests one, it must be available later the same day and then stay online for about three days while the review is completed. The team wants the lowest ongoing storage cost during that review window. What should the administrator do?

Question 156hardmultiple choice
Read the full network assurance explanation →

An analytics team keeps quarterly telemetry exports in Azure Blob Storage. The files are accessed only a few times per year, but when they are needed they must remain online and immediately readable without any rehydration delay. Which access tier should you use?

Question 157mediummultiple choice
Read the full Implement and Manage Storage explanation →

A development team stores build artifacts in Azure Blob Storage. The artifacts must remain available if one datacenter in the Azure region fails, but the business does not want to pay for replication to another region. Which redundancy option should the administrator select?

Question 158hardmultiple choice
Read the full Implement and Manage Storage explanation →

A legal department keeps evidence files in Azure Blob Storage. The files are accessed only a few times per year, but they must stay online and be immediately readable when requested. The team wants the lowest-cost online tier and does not want a rehydration step. Which tier should you choose?

Question 159mediummultiple choice
Read the full Implement and Manage Storage explanation →

A compliance team keeps signed contract scans in Azure Blob Storage. The files are usually read only a few times per year, but when a reviewer needs one, it must be available immediately without waiting for rehydration. Which access tier should the administrator use?

Question 160easymulti select
Review the full subnetting walkthrough →

A team wants an Azure Storage account to be reachable only from one subnet, but they do not want to use a private endpoint. Which two configurations should they use? Select two.

Question 161hardmultiple choice
Read the full Implement and Manage Storage explanation →

An operations team archived monthly log exports six weeks ago. An auditor now needs one specific blob restored within a day, and the file will likely be opened several times during the audit. Which action should the administrator take first?

Question 162easymultiple choice
Read the full Implement and Manage Storage explanation →

A records team wants blobs to be replicated to a secondary region, and the secondary copy must be readable if the primary region becomes unavailable. Which redundancy option should you choose?

Question 163mediummatching
Read the full Implement and Manage Storage explanation →

Match each storage networking requirement to the Azure storage network control that should be used.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Storage firewall with a virtual network rule and service endpoint

Private endpoint with private DNS zone

Trusted Microsoft services exception

Storage firewall IP network rule

Question 164hardmultiple choice
Read the full Implement and Manage Storage explanation →

A platform team wants one Azure storage account for application logs in Blob containers and a shared working directory for a Windows admin VM and a Linux automation VM. The account must support blob lifecycle rules, standard performance, and future private endpoint access. Which storage account kind should the administrator create?

Question 165mediummultiple choice
Read the full Implement and Manage Storage explanation →

An organization wants a single Azure storage account that can host blob containers, Azure Files shares, and lifecycle management rules for blob data. Which storage account kind should the administrator create?

Question 166mediummatching
Read the full Implement and Manage Storage explanation →

Match each storage resiliency requirement to the Azure redundancy option that best satisfies it.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

ZRS

LRS

RA-GRS

RA-GZRS

Question 167mediummatching
Read the full Implement and Manage Storage explanation →

Match each lifecycle management requirement to the blob tier transition or action that should be configured.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Transition to Cool

Transition to Archive

Rehydrate from Archive

Delete blob

Question 168mediummultiple choice
Review the full subnetting walkthrough →

An application runs on an Azure VM in a subnet and must access a storage account over the public endpoint without using a private IP address. The administrator wants to restrict access so only that subnet can reach the account. What should be configured?

Question 169easymultiple choice
Review the full subnetting walkthrough →

A storage account must stay reachable through its public endpoint, but only Azure workloads in AppSubnet should be allowed to access it. No private IP is required. What should you configure?

Question 170easymulti select
Read the full Implement and Manage Storage explanation →

Which two authentication methods let an app access blob data without storing the storage account key on the machine? Select two.

Question 171mediummultiple choice
Read the full Implement and Manage Storage explanation →

A Windows VM and a Linux VM in Azure need to use the same shared folder for application artifacts. The team wants a managed file service instead of running a separate file server VM, and both operating systems must be able to mount the share using a standard protocol. Which solution should the administrator implement?

Question 172hardmulti select
Read the full Implement and Manage Storage explanation →

A help desk group must use the Azure portal to start a virtual machine, stop or deallocate it, and see its current state, but they must not change any other VM settings. Which three Microsoft.Compute actions should be included in a custom role? Select three.

Question 173mediummatching
Read the full NAT/PAT explanation →

Match each data-access pattern to the blob tier or required action.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Hot

Cool

Archive

Rehydrate from Archive

Question 174mediummultiple choice
Read the full Implement and Manage Storage explanation →

A VM-based app must upload invoices to a blob container every hour. Security prohibits storing account keys or SAS tokens on the VM. The app should authenticate with Microsoft Entra ID and be allowed only to write blobs in one container. What should you configure?

Question 175mediummultiple choice
Read the full Implement and Manage Storage explanation →

A development team needs a single Azure Storage account for blob containers, Azure Files shares, and blob lifecycle rules. The account must support standard performance and allow future use of access tiers. Which account kind should you create?

Question 176mediummatching
Read the full Implement and Manage Storage explanation →

Match each file-sharing requirement to the best Azure Files mounting or integration approach.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Azure File Sync

SMB with AD DS-based identity authentication

NFS 4.1 share

SAS token

Question 177mediummultiple choice
Read the full Implement and Manage Storage explanation →

A business-critical storage account must survive a zone outage in the primary region and also keep a read-only copy in the paired region for reporting if the primary region becomes unavailable. Which redundancy option should you choose?

Question 178hardmultiple choice
Read the full Implement and Manage Storage explanation →

A platform team created a BlobStorage account for application logs. Later they discovered the same account must also host an Azure Files share for a Linux automation server, and lifecycle rules must continue to manage blob tiers. Standard performance is sufficient. What should they do?

Question 179easymulti select
Read the full Implement and Manage Storage explanation →

A Windows VM mounts an Azure Files share by using SMB and identity-based authentication. Which two permission layers can affect access to folders in the share? Select two.

Question 180mediummultiple choice
Read the full VPN explanation →

A hub VNet contains a VPN gateway that provides access to on-premises resources. A spoke VNet is peered to the hub and must send on-premises traffic through the hub gateway without deploying its own gateway. What peering configuration is required?

Question 181mediummultiple choice
Read the full DNS explanation →

Based on the exhibit, the security team wants AppSubnet to access an Azure Storage account through the public endpoint, but only that subnet should be allowed. They do not want a private IP or DNS changes. What should the administrator configure?

Exhibit

Storage account network settings:
Public network access: Enabled from selected virtual networks
Firewall status: No virtual network rules configured
AppSubnet settings:
Service endpoint for Microsoft.Storage: Not enabled
Private endpoint: Not configured
Requirement: Restrict access to AppSubnet only, without changing DNS.
Question 182easymulti select
Read the full Implement and Manage Storage explanation →

A support engineer finds a blob that was moved to the Archive tier by a lifecycle rule and must download it today. Which two actions are required before the blob can be read? Select two.

Question 183easymulti select
Study the full Python automation breakdown →

A Python app running on an Azure VM must upload blobs to one container in a storage account. The app must not store a storage account key or SAS token on the VM. Which two actions should the administrator take? Select two.

Question 184mediummatching
Read the full Implement and Manage Storage explanation →

Match each access scenario to the SAS or key type that best fits it.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

User delegation SAS

Service SAS

Account SAS

Storage account key

Question 185mediummultiple choice
Read the full Implement and Manage Storage explanation →

An administrator is deploying a new storage account for an application. The account must support blob containers, an Azure Files share, lifecycle rules for blobs, and standard access tiers. The application does not need premium performance for a single data service. Which storage account kind should be chosen?

Question 186mediummultiple choice
Read the full VPN explanation →

A hub VNet already has a VPN gateway connected to on-premises. A spoke VNet must send on-premises traffic through the hub gateway without deploying its own gateway. Which peering settings are needed?

Question 187mediummultiple choice
Read the full Implement and Manage Storage explanation →

A storage account must stay online for applications, but administrators have a temporary freeze on configuration changes. Users can still view the account, but attempts to change the access tier, create a container, or update networking all fail. What most likely caused the behavior?

Question 188easymulti select
Read the full Implement and Manage Storage explanation →

A team wants a storage option that stays available if one availability zone in the primary region fails. Which two redundancy options meet that requirement? Select two.

Question 189easymulti select
Read the full Implement and Manage Storage explanation →

An analyst needs a blob that is currently in the Archive tier to be downloadable within the next hour. Which two actions should the administrator take? Select two.

Question 190easymulti select
Read the full Implement and Manage Storage explanation →

A team wants one Azure Files share to be used by both Windows and Linux virtual machines. Which two mounting approaches are valid? Select two.

Question 191mediummultiple choice
Read the full NAT/PAT explanation →

A Windows VM and a Linux VM in Azure must use the same shared working folder for application files. The team does not want to run a separate file server, and both VMs must be able to mount the share by using native operating system tools. What should the administrator deploy?

Question 192easymulti select
Review the full subnetting walkthrough →

An application runs in a subnet and must reach a storage account over the public endpoint, but only that subnet should be allowed. The team does not want to use a private endpoint. Which two configurations should the administrator use? Select two.

Question 193mediummultiple choice
Read the full Implement and Manage Storage explanation →

A team runs a Windows service on an Azure virtual machine that uploads invoices to Blob storage every few minutes. Security policy forbids storing account keys or long-lived SAS tokens on the VM. The service must authenticate without human interaction. What should the administrator configure?

Question 194mediummultiple choice
Read the full Implement and Manage Storage explanation →

A team runs a Windows VM in Azure that uploads invoices to a blob container. Security policy forbids storing storage account keys or long-lived SAS tokens on the VM. The app must keep working until the VM is deleted, and access should disappear automatically when the VM is removed. What should the administrator configure?

Question 195easymulti select
Read the full Implement and Manage Storage explanation →

A Windows VM and a Linux VM are both joined to the same Active Directory Domain Services domain. Which two authentication methods can be used to mount the same Azure Files share over SMB? Select two.

Question 196mediummultiple choice
Read the full Implement and Manage Storage explanation →

A team enabled Azure Files for a Windows-based application. The app can reach the storage account, but the mount fails because users cannot authenticate with the share. The team does not want to use the storage account key. What is the best next step?

Question 197easymulti select
Read the full Implement and Manage Storage explanation →

A development team needs one storage account to host blob containers, Azure Files shares, and blob lifecycle management rules. Which two statements about the account are correct? Select two.

Question 198mediummultiple choice
Read the full Implement and Manage Storage explanation →

A lifecycle rule moved old audit logs to the Archive tier. A support engineer now needs to read one archived blob, and the download request fails with a message that the blob is archived. The engineer can wait several hours for the data to become available. What should the administrator do?

Question 199easymulti select
Read the full Implement and Manage Storage explanation →

A company wants a storage account that keeps a readable copy in the secondary region and lets read operations continue if the primary region becomes unavailable. Which two redundancy options meet this requirement? Select two.

Question 200mediummultiple choice
Read the full Implement and Manage Storage explanation →

A support engineer must download a blob that was moved to the Archive tier by a lifecycle rule. The file must be available as soon as possible for an investigation. What should the engineer do first?

Question 201hardmultiple choice
Read the full Implement and Manage Storage explanation →

Quarterly invoices were moved to the Archive tier by a lifecycle rule. An auditor now needs one specific blob available for download within the next hour. What should the administrator do?

Question 202hardmultiple choice
Read the full Implement and Manage Storage explanation →

An Azure Automation job running on a VM uses a managed identity to upload and overwrite JSON files in one container named configs. The job must not list, delete, or modify any other containers in the storage account. Which role assignment is the best choice?

Question 203easymulti select
Read the full Implement and Manage Storage explanation →

A Windows VM in Azure must upload log files to a blob container every hour. Security policy forbids storing the storage account key or any long-lived SAS token on the VM. Which two actions should the administrator take? Select two.

Question 204mediummultiple choice
Read the full Implement and Manage Storage explanation →

A contractor needs to upload files to one blob container for the next two hours. The contractor must not learn the storage account key, and access should expire automatically without manual cleanup. What is the best way to grant access?

Question 205mediummultiple choice
Read the full DNS explanation →

A team wants to allow a subnet to access a storage account only from that subnet, but they do not want to create a private endpoint or change DNS. The storage account should still be reachable through its public endpoint, just not from other networks. What should the administrator configure?

Question 206hardmultiple choice
Read the full Implement and Manage Storage explanation →

A business stores audit exports in Blob Storage. The account must continue serving writes if one availability zone fails, and reporting users in the paired region must still be able to read the replicated data if the primary region becomes unavailable. Which redundancy option best meets the requirement?

Question 207hardmultiple choice
Read the full DNS explanation →

A finance web app in AppSubnet must connect to Azure SQL Database over the service's public endpoint. Only AppSubnet should be allowed, and the security team does not want to deploy any private IPs or change DNS. What should you configure?

Question 208mediummatching
Read the full Implement and Manage Storage explanation →

Match each access requirement to the most appropriate Azure Storage authentication or authorization approach.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Enable a managed identity on the VM and assign a data-plane RBAC role

User delegation SAS

Storage account key

Azure RBAC data role assignment

Question 209easymulti select
Read the full Implement and Manage Storage explanation →

A reporting team wants a storage redundancy option that keeps a readable copy in the paired region. Which two choices provide read access to the secondary region? Select two.

Question 210hardmultiple choice
Read the full Implement and Manage Storage explanation →

A business stores audit logs in Azure Blob Storage. The account must remain available if an entire availability zone in the primary region fails, and analysts must still be able to read the data from the paired region if the primary region becomes unavailable. Which replication option should the administrator select?

Question 211mediummultiple choice
Read the full Implement and Manage Storage explanation →

A lifecycle rule moved quarterly audit logs to the Archive tier. An auditor now needs one blob for an urgent investigation and wants it available for download as soon as the rehydration completes. What should the administrator do?

Question 212mediummultiple choice
Read the full Implement and Manage Storage explanation →

A business-critical storage account must keep data available if one availability zone fails in the primary region. It must also keep a readable copy in the paired region so administrators can verify data during disaster recovery testing before failover. Which redundancy option should be selected?

Question 213easymulti select
Read the full Implement and Manage Storage explanation →

A company wants a single storage account for blob containers, Azure Files shares, and blob lifecycle management rules. Which two statements about the required account are true? Select two.

Question 214mediummultiple choice
Review the full subnetting walkthrough →

An application on a VM in subnet AppSubnet must access a storage account over the public endpoint. The security team wants to allow traffic only from AppSubnet and does not want to deploy a private endpoint. What should the administrator configure?

Question 215mediummultiple choice
Review the full subnetting walkthrough →

A team wants to restrict a storage account so only one Azure subnet can reach it. They do not need a private IP address, and they are fine with the storage account still using its public endpoint. Which configuration should the administrator use?

Question 216hardmultiple choice
Read the full NAT/PAT explanation →

Diagnostic settings on an Azure storage account must send logs to a destination storage account that has its firewall set to deny all public network access. The team cannot create a private endpoint, but the destination service is one of the Azure services that can bypass the firewall as a trusted Microsoft service. What should the administrator enable?

Question 217hardmultiple choice
Read the full Implement and Manage Storage explanation →

A Windows VM and a Linux VM in the same on-premises Active Directory Domain Services domain must mount the same Azure Files share over SMB. Security policy forbids storage account keys and long-lived SAS tokens. What should the administrator configure?

Question 218hardmultiple choice
Read the full Implement and Manage Storage explanation →

A team needs one Azure Files share that can be mounted by both Windows and Linux VMs. The VMs are joined to the same on-premises Active Directory Domain Services domain, and the security team forbids storage account keys. The team also wants to manage access with existing AD group memberships. What should the administrator configure?

Question 219hardmultiple choice
Read the full Implement and Manage Storage explanation →

A storage account has public network access disabled. A VM in VNet-Prod must reach Blob storage by using the storage account name, but nslookup from the VM still returns the public endpoint address. What should the administrator do?

Question 220mediummatching
Read the full Implement and Manage Storage explanation →

Match each workload requirement to the Azure storage account kind that best fits it.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

General-purpose v2

FileStorage

BlockBlobStorage

BlobStorage

Question 221hardmultiple choice
Read the full Implement and Manage Storage explanation →

A Windows VM runs an application that uploads files to a blob container every hour. Security forbids storing storage account keys or long-lived SAS tokens on the VM. The application must be able to write only to that container and nothing else. What should the administrator configure?

Question 222mediummultiple choice
Read the full Implement and Manage Storage explanation →

A backup job from an Azure service must write to a storage account that has the network firewall set to deny all public traffic. The team does not want to create a private endpoint for this workload. What should the administrator enable?

Question 223mediummulti select
Read the full Implement and Manage Storage explanation →

You are managing an Azure Storage account that hosts a large number of blobs. You need to ensure that data can be recovered if blobs are accidentally deleted or overwritten. Which three of the following actions should you take? (Choose three.)

Question 224mediummulti select
Read the full Implement and Manage Storage explanation →

Your company plans to migrate on-premises file shares to Azure Files. You need to choose the appropriate Azure Files configuration for different scenarios. Which three of the following statements are correct? (Choose three.)

Question 225mediummulti select
Read the full Implement and Manage Storage explanation →

You are designing a disaster recovery strategy for Azure Blob Storage. The storage account is configured with geo-redundant storage (GRS). Which three of the following statements about GRS and failover are true? (Choose three.)

Question 226mediummulti select
Read the full Implement and Manage Storage explanation →

You are designing a storage solution for a large-scale data analytics application that will run in Azure. The solution needs to support high-throughput writes, hierarchical namespace for organizing data, and the ability to assign POSIX-like permissions to directories and files. Additionally, the solution must support lifecycle management policies to tier data to cooler storage tiers after 30 days and enable blob-level versioning. Which four of the following features or services should you include in your design? (Choose all that apply. There are four correct answers.)

Question 227mediumdrag order
Read the full Implement and Manage Storage explanation →

Order the steps to configure Azure AD Connect for hybrid identity.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 228mediumdrag order
Read the full Implement and Manage Storage explanation →

Arrange the steps to create an Azure Storage account with a container and upload a blob.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Practice tests

Scored 10-question sessions with instant feedback and explanations.

AZ-104 Practice Test 1 — 10 Questions→AZ-104 Practice Test 2 — 10 Questions→AZ-104 Practice Test 3 — 10 Questions→AZ-104 Practice Test 4 — 10 Questions→AZ-104 Practice Test 5 — 10 Questions→AZ-104 Practice Exam 1 — 20 Questions→AZ-104 Practice Exam 2 — 20 Questions→AZ-104 Practice Exam 3 — 20 Questions→AZ-104 Practice Exam 4 — 20 Questions→Free AZ-104 Practice Test 1 — 30 Questions→Free AZ-104 Practice Test 2 — 30 Questions→Free AZ-104 Practice Test 3 — 30 Questions→AZ-104 Practice Questions 1 — 50 Questions→AZ-104 Practice Questions 2 — 50 Questions→AZ-104 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Manage Azure Identities and GovernanceImplement and Manage StorageDeploy and Manage Azure ComputeImplement and Manage Virtual NetworkingMonitor and Maintain Azure Resources

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Implement and Manage Storage setsAll Implement and Manage Storage questionsAZ-104 Practice Hub